The ssh2 module fails with creds that succeed in the CLI

I successfully SSH'd into Google Cloud Compute via the CLI with the following command:

 ssh -i ~/.ssh/my-ssh-key me@ipnumber 

But using the ssh2 module does not produce any output, including errors.

    var fs = require('fs');
    var Client = require('ssh2').Client;

    // IP, PORT, ME, privateKey, passphrase and password are placeholders
    var connSettings = {
      host: IP, // 'XXX.XXX.XXX.XX'
      port: PORT, // XXXX
      username: ME,
      privateKey: privateKey, // fs.readFileSync(location, 'utf8')
      passphrase: passphrase,
      password: password
    };

    var conn = new Client();
    conn.on('ready', function() { // first example in README
      console.log('Client :: ready');
      conn.exec('uptime', function(err, stream) {
        if (err) throw err; // nothing
        stream.on('close', function(code, signal) {
          console.log('Stream :: close :: code: ' + code + ', signal: ' + signal); // nothing
          conn.end();
        }).on('data', function(data) {
          console.log('STDOUT: ' + data); // nothing
        }).stderr.on('data', function(data) {
          console.log('STDERR: ' + data); // nothing
        });
      });
    })
    .on('error', function(err) {
      // log the handler's own argument (the original referenced an undefined `error`)
      console.error('err', err); // nothing
    })
    .connect(connSettings);

I am watching /var/log/secure while debugging the node script, and I can see the log entries when I ssh in and close the session from the CLI, but nothing happens when I try to run the node ssh2 script.

What could cause this connection to fail?

+7
javascript linux ssh google-cloud-platform
1 answer

UPDATE

I am sure that your client would log the server identification string, which is sent immediately after connecting. Therefore, if you do not see this information, it must be that the server is not sending anything. Now, since you tried the SSH CLI and it works, once we rule out the impossible, the only remaining explanation, however unlikely it seems, is that you are not connecting to the same server/port. For some reason, port 8080 on the target server is not running an SSH2 server.

One possible interpretation is this: the server runs something else on port 8080, which lets you connect but does not send anything initially (for example, an HTTP server). When you connect with the SSH CLI, you think it uses port 8080, but for some reason the directive in the ssh_config file does not work, so the SSH CLI connects to the true SSH server and works, while node SSH connects to the other server and therefore does not work.

To check, try telnetting to port 8080 of this server and make sure it responds with the SSH2 banner:

    Connected to xxx.xxx.xxx.xxx port 22
    Escape character is '^]'.
    SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
    ^C
    Connection closed by foreign host.

If it does not respond with the "SSH-..." banner, I think this demonstrates well enough that the SSH CLI is connecting elsewhere. Where? To find out, run the SSH CLI again with debugging enabled:

 ssh -vvv xxx.xxx.xxx.xxx ... 2>&1 | grep "Connecting to" 

(You will need to exit by pressing Ctrl-C). This should give you:

 debug1: Connecting to whatever [xxx.xxx.xxx.xxx] port XYZK 

The values xxx.xxx.xxx.xxx and XYZK are the ones you need to pass to the node client.

PREVIOUS ANSWER

I am not familiar with nodejs SSH2, but I had an SSH2 library (closed source, however) play this exact trick on me a few months ago. "Connected ..." and then nothing.

It turned out that the client was using a cipher that the server did not support, and for some reason, while this is displayed by the OpenSSH2 CLI client, the library chose not to display an error. It was pretty messy to get to the bottom of it.

I see on the GitHub page that some ciphers require "node v0.11.12 or later." Is this your case? If not, you can try updating node.

In any case, I would follow @AttRigh's suggestion and run sshd on the server in debug mode. If you cannot:

  • record the output of the ssh2 CLI client in full debug mode and extract the cipher that it uses,
  • configure an sshd server with this cipher and no others,
  • start the node client against this server.

Also, now that I've thought about it, you can configure an sshd server with the default settings anyway and make sure that you can connect to it. This would narrow down the problem somewhat.

+5